CGI Generic HTML Injections (quick test)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server may be prone to HTML injections.

Description :

The remote web server hosts CGI scripts that fail to adequately sanitize
request strings with malicious JavaScript. By leveraging this issue,
an attacker may be able to cause arbitrary HTML to be executed in a
user's browser within the security context of the affected site.

The remote web server may be vulnerable to IFRAME injections or
cross-site scripting attacks :

- IFRAME injections allow 'virtual defacement' that
might scare or anger gullible users. Such injections
are sometimes implemented for 'phishing' attacks.

- XSS are extensively tested by four other scripts.

- Some applications (e.g. web forums) authorize a subset
of HTML without any ill effect. In this case, ignore
this warning.

See also :

http://www.nessus.org/u?f8fdd645

Solution :

Either restrict access to the vulnerable application or contact the
vendor for an update.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: CGI abuses : XSS

Nessus Plugin ID: 49067 ()

Bugtraq ID:

CVE ID: